ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)

An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox...

IBM SDK Java Technology Information Disclosure Vulnerability

IBM SDK Java Technology is a Java Standard Development Kit SDK from IBM. An information disclosure vulnerability exists in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10,7R1 before SR2-FP10 that could allow a remote attacker to obtai...

OpenJDK: DER decoder infinite loop (Security, 8059485)

A flaw was found in the way the DER Distinguished Encoding Rules decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...

ICU: font parsing OOB read (OpenJDK 2D, 8055489)

A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...

Oracle JRE/JDK: Multiple vulnerabilities

Background Oracle’s Java SE Development Kit and Runtime Environment Description Multiple vulnerabilities have been discovered in Oracle’s Java SE Development Kit and Runtime Environment. Please review the CVE identifiers referenced below for details. Impact A context-dependent attacker may be abl...

JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update

Unspecified vulnerability in the Java Virtual Machine JVM in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via...

ICU: font parsing OOB read (OpenJDK 2D, 8056276)

A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...

JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update

Unspecified vulnerability in the Java Virtual Machine JVM in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vector...

Critical: Red Hat Security Advisory: java-1.6.0-ibm security update

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update

Unspecified vulnerability in the Java Virtual Machine JVM in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via...

CVE-2014-9200

Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM...

ICU: font parsing OOB read (OpenJDK 2D, 8055489)

A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...

RHEL 6 : java-1.8.0-oracle (RHSA-2015:0080) (POODLE)

Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...

JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...

OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)

A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...

OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)

Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack...

JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...

java security update

CentOS Errata and Security Advisory CESA-2015:0067 Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System...

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...